Myths and Truths

Sometimes, as network engineers, we have doubts about obvious things although we work with them daily. From time to time, my colleagues and I like to test each other with questions which we have to think deeply about it. Some of them easy but another not as easy. In addition, we often ask this questions to the beginners who work with us to know if they have done the tasks at University and they really know these basic networking concepts.

Can we ping a TCP port?

First, an important concept that every network engineer should know, without doubts, is about the ICMP protocol and TCP/UDP protocol. Can we ping a TCP port? The answer is NO. Why? Because ping use ICMP echo request and echo reply packets which are in the layer 3 to measure the round-trip time (RTT) for messages sent from the originating host to a destination computer and back. However, ping works in layer 3 instead of layer 4 like TCP/UDP.

Nevertheless, the word “ping” comes from active sonar terminology that sends a pulse of sound and listens for the echo to detect objects under water. What does it mean? Well, we can also measure the round-trip time (RTT) since we open a TCP connection till we close it. Therefore, when we talk about ping we usually talk about layer 3, although we should know that TCP round-trip time is measurable.

Ping al puerto tcp/80

Análisis del ping al puerto tcp/80

Is ARP a layer 3 protocol or a layer 2 protocol?

Another mistake, and it is difficult to understand sometimes, is about the ARP protocol. Is ARP a layer 3 protocol or a layer 2 protocol? Some people think that it is a layer 3 protocol because it is encapsulated in a layer 2 protocol. However, ARP is a layer 2 protocol that it is used by the IP which works in layer 3. Therefore, ARP works below the network layer, it isn't routable and it is used as a service by the Internet Protocol (IP).

Análisis de tráfico ARP

Do we have two Gigabit of throughput in a full-duplex mode?

Today, switches have interfaces with the auto-negotiation feature. Therefore, we know that we don't have to worry about the negotiation because switches are going to negotiate the best method. Most of the time, switches are going to negotiate in a full-duplex mode. We also know that full-duplex is a bidirectional connection which allow us to send and receive data at the same time. However, if we have switches with Gigabit interfaces connected each other, do we have two Gigabit of throughput in a full-duplex mode? Yes but no. We will have one Gigabit of throughput for transmitting and another Gigabit of throughput for receiving. Therefore, two Gigabit of capacity but in each direction because it is bidirectional.

Who has the 127.250.250.250 IP address?

Finally, another questions that we can ask them is about the loopback interface. Who has the 127.250.250.250 IP address? First, we ask them to ping it and they see that it works, who has this IP? In fact, we should know that class A network 127.X.X.X/8 is the loopback address block which can be used to test our TCP/IP stack and therefore it should always respond to internal ICMP packets.

Ping a la interface de loopback

Of course that there are more interesting concepts and questions to take into account which we don't think about it sometimes, and it is useful when we want to test someone. Would you like to help me with more myths and truths to have better network engineers?

Regards my friend and remember, drop me a line with the first thing you are thinking.